That technique worked for Missouri’s Chief Information Security Officer Mike Roling, who hired three non-traditional job candidates in a three-year period when there weren't enough internal applicants to fill the posts. Roling has hired a former baker-by-day, bouncer-by-night to serve as an entry-level IT Security Operations Center (SOC) analyst, as well as a former hairdresser and a former IT administrator to serve in similar positions.
When the individuals applied for the positions, two had no IT work experience, but all had some background with technology. The bouncer-baker had majored in networking, while the hairdresser and IT administrator both earned their degrees in computer science.
Each of these hires had unique backgrounds, but one common thread was that they all displayed the skills necessary to be solid SOC analysts, Roling explained. In their previous lives, they all had been in stressful situations that required precision and solid communication — skills that carry over into security operations, he added.
In the bouncer-baker’s case, he hit the ground running by immediately diving into the state’s cybersecurity processes and technologies. With his strong ability to communicate, he led many security operations discussions within state government and at various conferences, according to Roling. Although he was hired three years ago, the SOC analyst recently left state government to join a major anti-phishing company where he focuses on malware analysis.
“He contributed tremendously to state government and it was an honor to have him as a team member,” Roling said.
The hairdresser, who was initially brought on as an intern in 2017 and hired full-time earlier this year, displayed an exceptionally curious and analytical mind that gave her a passion for chasing down unusual SOC activity that could set her on a forensics path after she gains more experience as a systems analyst. And the IT administrator had the benefit of familiarity with Missouri’s IT department and core IT skills.
“Every candidate has a different life story. The individuals with non-IT backgrounds can bring a lot of value into security teams,” explained Roling.
The cybersecurity industry is expected to face a labor shortage of 1.8 million workers by 2020, according to industry trade group (ISC)2. That does not bode well for states, which face challenges in offering IT workers the kinds of salaries, perks, and cool-factor cache available at private-sector firms.
Other Techniques in the Bag
For Eric Boyette, secretary and state CIO for the North Carolina Department of Technology, hiring new IT workers becomes more difficult every day, which means finding new strategies to surmount the problem. Earlier this year, Boyette’s department launched a cybersecurity pilot program that offers apprenticeships to honorably discharged veterans.Five are currently going through the program, receiving training once a week from private-sector partner ISG and then spending the other four days a week working with Boyette’s cybersecurity team. North Carolina’s Department of Information Technology has upward of 1,000 employees, of which 90 percent are IT workers.
To make state government careers more attractive in a tight job market, North Carolina’s IT department offers prospective candidates flexible work hours, given that the agency operates 24 hours a day. Employees can also work remotely. Additionally the IT department plans to redesign its interior with more open workspaces and fewer cubicles, which may lead more candidates, especially millennials, to accept job offers.
“The millennials like open space and we are trying to adapt that into our environment,” said Boyette.
Meredith Ward, senior policy analyst with the National Association of State Chief Information Officers (NASCIO), says Missouri and Washington state are also working toward creating more modern work environments.
“The stereotype of a state office is it will never look like Google or Facebook and instead will be just cubicles,” said Ward. “But Missouri did something cool with the extra space it had when it consolidated its data centers and made more modern office space. States have to look at what the private sector is doing and know they have to modernize.”
Washington launched its MOD WA pilot in November, creating a modern workspace environment available to any state employee. Of the 150 employees who have signed up to use the workspace, members of the Washington Technology Solutions (WaTech) department are among them, according to Dan McConnon, assistant director of technology services and facilities planning at the Office of Financial Management.
Rajiv Das, chief security officer and deputy director with the state of Michigan, uses an innovative organization to also help with job candidate leads. The Michigan Cyber Civilian Corps (MiC3) launched in 2012 and is currently composed of 99 cybersecurity experts who have volunteered to provide assistance should the governor declare a state of emergency in a cyberincident.
“We have not hired from this pool since they work for our public agency partners, but they have referred on a number of job applicants,” Das said. “I know of at least one of them who was hired and he now leads a team within our security operations center and is in middle management.”
Other means CIOs and CISOs use to recruit IT workers include partnering with universities and colleges to have interns work at the government agencies, with the hope of later hiring them after graduation. They also sponsor state hackathons to identify potential talent.
Das has a relationship with roughly half a dozen colleges and universities, and he is considering getting an early jump on identifying talent and potentially grabbing their interest in government IT work by offering a credential program for high school students.
In the future, that may add to the state of Michigan’s IT staff, which comprises approximately 1,800 tech and IT administration-related workers.
